"If you consider NetApplications' data set, then Linux owns only about 1 percent of the desktop OS market and Windows has almost 92 percent. But if you consider all computing platforms, including mobile, then Windows has only 20 percent and Linux has 42 percent - and that would be in the form of Google's Android alone." No more or less legitimate than claiming Windows owns 92% of the market. It's all a matter of perspective.

These apply to ANY OS whatsoever, as long as that OS allows users to run unsigned executables on a local system. It's the end-user that is the problem, and switching to Linux doesn't solve that.

Actually, it doesn't apply to Linux. Linux distributions do solve this issue. It is entirely possible to run a fully functional Linux desktop system wherein every single package that you use on the system is covered by the Linux package management software.

You see, when developers collaborate to develop open source code, they vet each other. They pore over one another's code constantly. It is effectively impossible for one of them to slip in malicious code because the other developers will simply reject it.

The development team is made up of developers from all over the world. You can rest assured that their collaborative output is free of malware.

Now large and popular Linux distributions such as Ubuntu have an extensive and public, transparent, auditable system of compiling such code, placing it in repositories, and allowing it to be securely downloaded (yes, it is signed code) and installed on end users' systems. These signed-code package management systems for the major distributions have been in use for decades, for tens of thousands of packages, for millions of users making hundreds to thousands of downloads each, with never a failure.

Here is the comparable situation for Windows, which lacks effective system-wide package management:

Malware can get into a Windows system via a trojan horse package, even though there is no malware at all in the original source code of VLC made by the FOSS development team.

Furthermore, once VLC is in the repositories of a major Linux distribution with signed package management ... if the VLC project discovers (or is made aware of) a security vulnerability, the VLC team will fix the source code with a security update. The Linux distributions will recompile VLC from the fixed source code, and place the updated binary in their security updates repository. Linux systems worldwide will run scheduled updates of their package management software (say every two days), and automatically detect that a security update for VLC is available, and notify the users of the system.

Since VLC is not Microsoft software, there is no equivalent process for VLC on Windows. Windows Update won't cover security updates for VLC for Windows.

"These apply to ANY OS whatsoever, as long as that OS allows users to run unsigned executables on a local system. It's the end-user that is the problem, and switching to Linux doesn't solve that.

Actually, it doesn't apply to Linux."

Yes, it does. You're only assuming that end-users will only ever execute stuff that was gotten from official repos, but if they execute stuff that wasn't gotten from those the same problem applies to Linux just as much.

"Here is the comparable situation for Windows, which lacks effective system-wide package management:"

Windows Store does work as a system-wide package management system, and yes, a VLC for Metro UI is in the works.

"'These apply to ANY OS whatsoever, as long as that OS allows users to run unsigned executables on a local system. It's the end-user that is the problem, and switching to Linux doesn't solve that.

Actually, it doesn't apply to Linux.'

Yes, it does. You're only assuming that end-users will only ever execute stuff that was gotten from official repos, but if they execute stuff that wasn't gotten from those the same problem applies to Linux just as much."

No, it doesn't apply to Linux in that Linux has a useable solution.

I make no such assumption. Quoting myself: "It is entirely possible to run a fully functional Linux desktop system wherein every single package that you use on the system is covered by the Linux package management software."

If you do that, then no malware can arrive on your Linux system via a trojan.